Quick (And Free!) Fixes To Help Employees Protect Data
Fail-safe information security may boil down to just one thing - employees.
"I see employee security training as an essential, never-ending task that the industry often fails to give proper attention to," said Ray Carsey, VP-technology at the $1.7-billion Mountain America CU in West Jordan, Utah.
Other credit union IT executives agreed that employees are at once the greatest resource and liability. "You can spend all the money in the world and have it go for nothing if employees don't follow basic security rules," asserted Bill Burrows, chief information officer at $570-million EECU in Fort Worth, Texas.
"We spend significant time and money securing and protecting our data centers, but could probably do more to remind our employees to keep their password secure, log off their computer terminals in their absence and deny individuals unauthorized access to secure areas," Carsey added.
In the spirit of saving the ship from loose lips, credit unions have found quick-and free-fixes that help employees protect data.
The CUSO formed by Bellco Credit Union and Bethpage Federal Credit Union, for instance, credit unions made it easy for employees to log off their computers by programming a shortcut key.
Credit union employees now press a single key to lock up whenever they leave, said John Norton, information security manager at the CUSO, Open Technology Solutions (OTS).
OTS also showed employees another quick way to lock up by holding down the "Windows" logo key and pressing the "L" key, said Norton. "We've now got more locked workstations and less complaining about how much trouble it is to lock them," he added.
Apparently, many credit unions walk the talk when it comes to raising employee awareness about security.
"We developed an information security course for all employees that identifies bad security practices, such as keeping your password on a sticky note, and how this could impact the credit union," explained Burrows at EECU.
And the course is cheap and easy to offer, Burrows said. "We present the training remotely using a conference bridge and a low-cost remote presentation service."
Laptop users at the OTS credit unions are careful to keep sensitive documents in the encrypted area of the hard drive, thanks to new encryption software and a security awareness campaign, said Norton.
"Users are more aware of the information that should be stored encrypted, and loss of equipment containing sensitive information will have less impact on security," he explained.
Carsey often turns to employees when Mountain America is faced with a security challenge.
"Weigh your options before spending money on a piece of software or hardware that promises to fix all your security issues," said Carsey. "It is surprising the solutions to security issues that the staff comes up with," he said.
For info on this story:
* EECU at www.eecu.org
* Mountain America CU at www.macu.org
* Open Technology Solutions at www.open-techs.com